Starting with code 8.3(1), you can also apply one IPv4 and one IPv6
ACL globally, configured with the command access-group global; the
global access-list is always interpreted as an inbound ACL. When the
global ACL is applied, the implicit deny ip any any rule is removed from
any ACL applied inbound on any interfaces, so that the global ACL is
inspected. Assuming all ACLs are configured, and assuming a packet
enters the inside interface and exits the outside interface, the rules
are:

-Traffic is matched against the inbound ACL applied on the inside
interface. If there is a match, the action is taken; if not, it will
match on the default deny ip any any unless global ACL is configured.

-Traffic is matched against the global ACL. If there is a match, the
action is taken; if not, it will match on the default deny ip any any
rule.

-Traffic is matched against the outbound ACL applied on the outside
interface. If there is a match, the action is taken; if not, it will
match on the default deny ip any any rule.

5) objects

You can specify an object with different protocols (i.e. tcp and udp)
and use it for protocol specification, you don’t need to specify ports
numbers again: